Insights, news, education and announcements from PolySwarm

RapperBot Targets IoT

Aug 22, 2022 3:09:40 PM / by PolySwarm Tech Team posted in Threat Bulletin, Linux, IoT, SSH, Mirai, RapperBot

Executive Summary

FortiGuard Labs recently reported on RapperBot, a malware family with a built-in capability to brute force credentials and gain access to SSH servers.

Black Basta Ransomware

Jul 5, 2022 3:33:54 PM / by PolySwarm Tech Team posted in Threat Bulletin, Ransomware, Windows, Linux, Black Basta, Qbot

0 Comments

Executive Summary

Cybereason recently reported on Black Basta ransomware, which has claimed around 50 victims so far, making it a prominent threat.

Symbiote Linux Malware

Jun 20, 2022 12:01:49 PM / by PolySwarm Tech Team posted in Threat Bulletin, Linux, Symbiote

0 Comments

Executive Summary

Intezer and BlackBerry recently reported on Symbiote, a difficult to detect Linux malware that relies on existing running processes to infect a system.

Pymafka Targets macOS, Windows, Linux

Jun 17, 2022 2:17:39 PM / by PolySwarm Tech Team posted in Threat Bulletin, Windows, Linux, Python, Pymafka, Cobalt Strike

0 Comments

Executive Summary

Sonatype recently reported on Pymakfa, a malicious Python package in the PyPl registry dropping Cobalt Strike on macOS, Windows, and Linux.

Enemybot IoT Malware

Jun 13, 2022 3:47:53 PM / by PolySwarm Tech Team posted in Threat Bulletin, Android, Linux, Enemybot, CMS

0 Comments

Executive Summary

AT&T Alien Labs recently reported on Enemybot, an internet of things (IoT) malware targeting content management systems (CMS), Linux, and Android.

Key Takeaways

BPFDoor Targets Linux Systems

May 20, 2022 2:44:39 PM / by PolySwarm Tech Team posted in Threat Bulletin, China, Linux, Red Menshen, BPFDoor, Telecommunications

0 Comments

Background

PwC Threat Intelligence recently reported on BPFDoor, a passive network implant for Linux targeting telecommunications providers. The activity was attributed to the Chinese nexus threat actor group Red Menshen.